2e9388
From bce98a84720aa6ffdec72e923248719c3cbea8d3 Mon Sep 17 00:00:00 2001
2e9388
From: Martin Babinsky <mbabinsk@redhat.com>
2e9388
Date: Tue, 24 Nov 2015 16:40:52 +0100
2e9388
Subject: [PATCH] do not disconnect when using existing connection to check
2e9388
 default CA ACLs
2e9388
2e9388
https://fedorahosted.org/freeipa/ticket/5459
2e9388
2e9388
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2e9388
---
2e9388
 ipaserver/install/cainstance.py | 5 +++--
2e9388
 1 file changed, 3 insertions(+), 2 deletions(-)
2e9388
2e9388
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
2e9388
index c72d11d1e0b86c040dc497744cda87aab22caafd..c20bf39c12cff0777d90efad2b0d8d136ee37ec9 100644
2e9388
--- a/ipaserver/install/cainstance.py
2e9388
+++ b/ipaserver/install/cainstance.py
2e9388
@@ -1846,7 +1846,8 @@ def _create_dogtag_profile(profile_id, profile_data):
2e9388
 
2e9388
 def ensure_default_caacl():
2e9388
     """Add the default CA ACL if missing."""
2e9388
-    if not api.Backend.ldap2.isconnected():
2e9388
+    is_already_connected = api.Backend.ldap2.isconnected()
2e9388
+    if not is_already_connected:
2e9388
         try:
2e9388
             api.Backend.ldap2.connect(autobind=True)
2e9388
         except errors.PublicError as e:
2e9388
@@ -1870,7 +1871,7 @@ def ensure_default_caacl():
2e9388
         api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert',
2e9388
             certprofile=(u'caIPAserviceCert',))
2e9388
 
2e9388
-    if api.Backend.ldap2.isconnected():
2e9388
+    if not is_already_connected:
2e9388
         api.Backend.ldap2.disconnect()
2e9388
 
2e9388
 
2e9388
-- 
2e9388
2.4.3
2e9388